People entrust their personal safety and lives to medical devices every day – from pacemakers to insulin pumps to hospital infusion pumps and other devices. However, connected medical devices are highly vulnerable to compromise because apps that interact with them are insufficiently protected. One of the most prevalent medical device application security vulnerabilities is a lack of app binary protection which can allow unauthorized access to critical controls and data.
The risk is not hype – it’s real. In May of 2017, two Bayer® Medrad devices used to assist MRI scans were infected in the WannaCry ransomware attack. Fortunately, no harm occurred and the devices were restored within 24 hours. In August 2017, the FDA issued a security advisory requiring in-person patient firmware updates to Abbott’s 465,000 pacemakers.
Protect your devices and data by blocking unauthorized access, and prevent the copying, tampering and modifying of applications while stopping the insertion of malicious code. With static and runtime protection, as well as code and cryptographic key and data protection, your assets and information are safe from exposure and hacking.
With a new Pre-Cert for Software Pilot Program, the FDA has acknowledged that the traditional approach to hardware-based medical devices is not well suited for the faster and iterative design, development, and validation used for software products. One of the program's primary goals is to assure software iterations and learnings can be quickly incorporated back into the software development process. Read more about Arxan's 6 Security Considerations for FDA's New Medical Device Pre-Cert Program.